No commit activity in last 3 years
No release in over 3 years
Wrapper to OS-provided timing-safe memory comparison.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 0
>= 0
 Project Readme

consttime_memequal? : thin wrapper to OS-provided constant-time memory comparison routine.

This kind of routine must be provided a priori but [Feature #10098] is not yet implemented. We have to make glue code for now.

Provided functionality

This library provides one global function named consttime_memequal?. Which is of course not very ruby-ish, I know, but best describes what is going on.

consttime_memequal?(b1, b2, len=b1.bytesize) # => true / false

Compares first len bytes of b1 and b2. Returns true if they are identical. Returns false if they are distinct.

Q&As

Why the name consttime_memequal?

NetBSD has consttime_memequal(3). We followed it.

This library fails to load on my machine. Why?

Install OpenSSL (or LibreSSL).

I can't install OpenSSL for reasons. What to do?

Install OpenBSD instead (or NetBSD).

I wrote a general implementation! Can I pull request?

No you don't. By the nature of its provided functionality, someone who implement this have to be very careful about side-channel attacks. You definitely shouldn't do it for yourself. Make your OS provide one for you.

Bug fix etc. are much appreciated!

Then what can I do?

Go to [Feature #10098] and persuade the core devs to implement that feature. That's the lethal solution to the situation.